5. fg.workshop
Web Security
"A good programmer is someone who always looks both ways before
crossing a one-way street." — Doug Linder
Marcel Büchler - Ivan Giangreco
6. fg.gallery
fg.workshop
• Gallery for uploading images
• Simple user management
• Users can rate images
• PHP, MySQL
8. fg.workshop
fg.gallery
• SQL Injection
• Information Exposure through an Error Message
• Missing Authentication for Critical Function
• Cross-Site Scripting
• Cross-Site Request Forgery
• Improper Access Control
• Reliance on Untrusted Inputs (Spoofed HTTP Requests)
• Unrestricted Upload of File with Dangerous Type
• Missing Encryption of Sensitive Data
• Use of Hard-coded Credentials
• Session Hijacking
• Use of Blacklists instead of Whitelists